OPF.OpenProject.Activities.API.SQL.Injection
Description
This indicates an attack attempt to exploit a SQL Injection Vulnerability in OPF OpenProject.
A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the Activities API endpoint. Successful exploitation results in the execution of arbitrary SQL code against the underlying database.
Affected Products
OPF OpenProject 5.0.0 - 8.3.1
Impact
System Compromise: Remote attackers can add, view, delete or modify data in the database of the affected application
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://groups.google.com/forum/#!msg/openproject-security/XlucAJMxmzM/hESpOaFVAwAJ
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |